You too may have spent some time recently, responding to the Shellshock threat. Most (many ?) sites had a pretty good grip and were able to apply available patches easily and reduce their visibility quickly. I thought of one client that still has an old RHEL3 system with a public face. Not used for much, easily overlooked…
Not finding ready to apply RPM packages for this RHEL3 bash – I turned to the search engines and found Steve Jenkins blog post on this very topic. With his excellent guidance I patched my exact version source and produced new binaries for this old system, much easier than I had expected. AND, there were no versionitus complications that often plague older system updates. Of course it helps that something as fundamental as GNUbash would have an extensive archive of old versions, and many, many patches.
This will not always be so easy to fix such a wide-spread problem, so be sure to check with your clients and look for old half-forgotten systems that may still be vulnerable. This is an easy way to become a hero.
Digging deeper into Steve’s blog, I learned some of his history and now more fully recognize his contributions over the years. Anyone else remember WinFiles.COM ?
I’ll probably subscribe to his blog, and learn some more along the way.
Looks like a lot of really good stuff in here.
Thanks Steve.. /;^)